Systems and methods for authenticating a requestor at an ATM

ABSTRACT

An authentication computing device including at least one processor in communication with a memory is provided. The processor stores, within the memory, an authentication profile associated with an account holder. The authentication profile includes an account identifier associated with a payment account of the account holder and authentication information. The processor further receives an authentication request associated with the payment account and a payment card action request from a requestor for a payment card action to be performed through an automated teller machine (ATM). The processor also retrieves the stored authentication profile, generates an authentication challenge based on the authentication profile, transmits the authentication challenge to a client device and/or the ATM, receives an authentication response from the requestor, and determines an authentication result based, at least in part, on the authentication response. The authentication result indicates if the requestor is the authenticated account holder of the payment account.

BACKGROUND

The field of the disclosure relates generally to authenticatingrequestors for payment card accounts, and more specifically,authenticating requestors to perform payment card actions throughautomatic teller machines (ATMs).

At least some known automatic teller machines (ATMs) enable cardholdersand other users (referred to herein as “requestors”) to purchase aprepaid payment card. These prepaid cards may be used like debit cardsto make purchases with merchants up to the amount associated with theprepaid cards. The use of a prepaid card instead of other methods ofpayment may be beneficial in some cases such as for gifts and travel.The prepaid card may be gifted to another person to make purchases. Inanother example, the prepaid card may be used during travel to a foreigncountry to make purchases without converting any currency. In addition,using the prepaid card may prevent payment card fraud of the requestor'sother payment cards (e.g., credit or debit cards) while in the foreigncountry.

Moreover, at least some known ATMs enable a cardholder to receive otherpayment cards (e.g., credit and debit cards) in real-time orsubstantially real-time without visiting an issuer (e.g., a bank) orreceiving the payment cards via mail delivery. In other words, theseknown ATMs will generate a payment card and eject the generated paymentcard from the ATM to the cardholder while the cardholder is visiting theATM. Typically, these known ATMs generate white label ornon-personalized payment cards. The ATM may be providing the cardholderwith a new payment card (i.e., for a new account), an updated paymentcard (i.e., for expired payment cards), and/or a replacement paymentcard (i.e., the original payment card was lost or stolen). However,these known ATMs are not configured to authenticate the requestor whengenerating and providing a payment card. For example, if the requestorprovides a check or cash in exchange for a prepaid card, the ATMs arenot configured to authenticate the purchase. In other known ATMs, theauthentication process used may be long and frustrating for requestors,which may potentially lead to reduced purchases of prepaid cards.

BRIEF DESCRIPTION

In one aspect, an authentication computing device including at least oneprocessor in communication with a memory is provided. The processorstores, within the memory, an authentication profile associated with anaccount holder. The authentication profile includes an accountidentifier associated with a payment account of the account holder andauthentication information. The processor further receives anauthentication request associated with the payment account and a paymentcard action request from a requestor for a payment card action to beperformed through an automated teller machine (ATM). The processor alsoretrieves the stored authentication profile, generates an authenticationchallenge based on the authentication profile, transmits theauthentication challenge to a client device and/or the ATM, receives anauthentication response from the requestor, and determines anauthentication result based, at least in part, on the authenticationresponse. The authentication result indicates if the requestor is theauthenticated account holder of the payment account.

In another aspect, a method for authenticating a requestor for a paymentaction request using an authentication system is provided. The methodis, at least partially, implemented by an authentication computingdevice. The method includes storing, within a memory, an authenticationprofile associated with an account holder, the authentication profileincluding an account identifier associated with a payment account of theaccount holder and authentication information associated with theaccount holder. The method also includes receiving an authenticationrequest associated with the payment account of the account holder andwith a payment card action request from a requestor for a payment cardaction to be performed through an ATM, retrieving the storedauthentication profile for the payment account, generating anauthentication challenge based on the stored authentication profile,transmitting the authentication challenge to at least one of a clientdevice and the ATM, receiving an authentication response from therequestor, and determining an authentication result based, at least inpart, on the authentication response. The authentication resultindicates if the requestor is the authenticated account holder of thepayment account.

In yet another aspect, a non-transitory computer-readable storage mediafor authenticating a requestor for a payment action request through anATM using an authentication system is provided. The computer-readablestorage media has computer-executable instructions embodied thereon.When executed by at least one processor, the computer-executableinstructions cause the processor to store, within a memory, anauthentication profile associated with an account holder, theauthentication profile including an account identifier associated with apayment account of the account holder and authentication informationassociated with the account holder. The computer-executable instructionsfurther cause the processor to receive an authentication requestassociated with the payment account of the account holder and with apayment card action request from a requestor for a payment card actionto be performed through the ATM, retrieve the stored authenticationprofile for the payment account, generate an authentication challengebased on the stored authentication profile, transmit the authenticationchallenge to at least one of a client device and the ATM, receive anauthentication response from the requestor, and determine anauthentication result based, at least in part, on the authenticationresponse. The authentication result indicates if the requestor is theauthenticated account holder of the payment account.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an example authentication platform forauthenticating requestors before performing payment card actions.

FIG. 2 is a block diagram of an example authentication system forauthenticating a requestor for payment card actions at an automatedteller machine (ATM) for use with the platform of FIG. 1.

FIG. 3 illustrates an example configuration of a remote computing deviceused to authenticate a requestor for use with the authentication systemshown in FIG. 2.

FIG. 4 illustrates an example configuration of a host system for usewith the authentication system shown in FIG. 2.

FIG. 5 is a data flow diagram of the authentication system shown in FIG.2.

FIG. 6 is a flow diagram of an example method of authenticating arequestor for payment card actions at an ATM using the system shown inFIG. 2.

FIG. 7 is a diagram of components of one or more example computingdevices that may be used in the environment shown in FIG. 6.

DETAILED DESCRIPTION

The system described herein is configured to authenticate a requestor'sidentity for performing a payment card action at an automated tellermachine (ATM) using authentication information from a registered accountholder and the requestor. In particular, the system is configured toprovide a requestor with an authentication challenge in response to arequest to perform a payment card action (e.g., receive a payment card,unblock a payment card, etc.) to authenticate the requestor. The systemincludes an authentication computing device including a processor and amemory. In the example embodiment, the authentication computing deviceis associated with, in communication with, and/or integral to anelectronic funds transfer (EFT) network configured to process requestsinitiated by requestors using an ATM.

During at least some requests, at least one party receiving the requestinitiates an authentication process. The authentication process isdesigned to prevent fraudulent requests by authenticating the identityof the requestor. Various authentication processes may be performed byvarious parties. For example, the party that initiates theauthentication may contract with another party that provides theauthentication service (which may be, for example, one of a merchantbank or an issuer, or may be the EFT network, or may be another thirdparty). Upon authentication of the cardholder's identity, theauthentication service provides an indication of authentication(sometimes with a score or level of confidence) to theauthentication-initiating party. The request may then be resumed andtransmitted for an authorization process. The payment processor collectsrequest data associated with these requests (e.g., authentication and/orauthorization) for further processing.

In the example embodiment, the authentication computing device isassociated with an authentication service. As described above, theauthentication service may be provided to merchants, merchant banks,and/or issuer banks by the EFT network and/or by another third party.The authentication computing device is further in communication with oneor more ATM computing devices. Each ATM computing device is part of anATM and may be associated with a merchant, a bank, an issuer, and/oranother third party providing financial services at the ATM. In oneembodiment, the authentication computing device may store, receive,retrieve, and/or otherwise access a lookup table that includes the ATMcomputing devices, wherein the lookup table indicates whether or noteach of the ATM computing devices is associated with an automatedpayment card service.

At least one ATM computing device is configured to provide an automatedpayment card service. In particular, the ATM computing device isconfigured to enable a requestor to perform payment card actions at theATM, such as request a payment card from the ATM. At least some paymentcards may be purchased through the ATM computing device. For example,prepaid cards may be purchased and activated through the ATM computingdevice. The prepaid card is associated with an account stored at the ATMcomputing device (or another computing device associated with the ATMcomputing device) that includes an amount based on the payment made bythe requestor. Additionally or alternatively, the payment card actionsmay include reissuing payment cards, renewing expired payment cards, andunblocking payment cards. That is, the ATM computing device and theauthentication computing device are configured to enable cardholders toperform these payment card actions that typically require thecardholders to contact or visit an issuer (e.g., a bank) at an ATM.

To purchase a prepaid card or receive another payment card, therequestor registers with the authentication service. In one embodiment,the ATM computing device begins an enrollment process by prompting therequestor to provide registration information. The registrationinformation may include, but is not limited to, a username, a name, anage, an address, and a bank identifier of the requestor. In anotherembodiment, the requestor may register via an app or web service at aclient device associated with the requestor. The client device mayinclude a smartphone, a laptop, a desktop, a tablet, a wearable device,a smartwatch, and/or another type of computing device. When registering,the requestor is prompted to input authentication information thatuniquely identifies the requestor. In the example embodiment, theauthentication information is biometric information, such as afingerprint or image of the requestor. The ATM computing device and/orthe client device includes at least one component for collectingauthentication information from the requestor, such as a fingerprintscanner, a touchscreen, a microphone, and/or a camera. In someembodiments, the authentication information may be retrieved from orlinked from a user information database that stores authenticationinformation, such as a database of national identifications (IDs).Additionally or alternatively, the requestor may be prompted to provideother authentication information, such as a password or other uniqueidentifier.

Based on the registration information and/or the authenticationinformation, a registration profile may be created for the requestor andstored in a memory associated with the authentication computing device.In some embodiments, the registration profile may be linked to anexisting user account of the requestor with a financial institution(e.g., an online account with a bank). When the requestor subsequentlyrequests to perform a payment card action, the ATM computing device orthe client device prompts the requestor to input user credentials suchas a username or other information that may identify the requestor.Alternatively, the ATM computing device or the client device may promptthe requestor for user credentials before submitting the request. Theuser credentials may be associated with the requestor's user accountwith the financial institution. The ATM computing device or the clientdevice may determine that the user credentials are associated with arequestor enrolled in the authentication service. The ATM computingdevice or the client device generates an authentication request with theuser credentials and transmits the authentication request to theauthentication computing device.

The authentication computing device is configured to identify a storedregistration profile that is associated with the authentication request(e.g., based on the user credentials of the authentication request). Theidentified registration profile is retrieved for authentication. In someembodiments, the authentication computing device generates anauthentication challenge and transmits the authentication challenge tothe ATM computing device and/or the client device for authentication.The authentication challenge is based on the authentication informationassociated with the identified registration profile. For example, if therequestor provided a fingerprint during registration for theauthentication service, the authentication challenge prompts therequestor to provide a similar fingerprint for comparison as describedbelow. The authentication information may be stored with the identifiedregistration profile and/or in a different memory, such as the nationalID database. In other embodiments, another computing device such as abiometric authentication server or a computing device associated withthe national ID database may generate the authentication challenge.

Once the ATM computing device and/or the client device receive theauthentication challenge, the requestor is prompted to respond. Incertain embodiments, the requestor may be given a time limit to respondto the biometric challenge. If the time limit is exceeded, the requestto perform the payment card action may be automatically declined. Oncethe ATM computing device or the client device collects authenticationinformation from the requestor, the ATM computing device or the clientdevice transmits an authentication response including the collectedauthentication information to the authentication computing device to beused in an authentication process. Additionally or alternatively, adifferent computing device associated with the authentication challenge(e.g., the biometric authentication server) may receive theauthentication response to perform the authentication process.

In some embodiments, when the client device receives the authenticationchallenge, the client device may be configured to provide location data(e.g., coordinates) to the authentication computing device and/or theATM computing device to determine a location of the account holderrelative to the ATM. The location information may be provided with theauthentication response. For example, the authentication computingdevice may request Global Positioning System (GPS) coordinates from theclient device. When the authentication computing device receives thelocation data of the client device, the authentication computing deviceretrieves location data associated with the ATM used by the requestor toinitiate that payment card action request. The location data may beretrieved, for example, from the ATM computing device or from the memoryof the authentication computing device. Alternatively, theauthentication computing device may receive the location data of the ATMbefore retrieving the location data of the client device. Theauthentication computing device compares the location of the clientdevice to the locations of the ATM to determine whether or not theaccount holder is present at the ATM. Alternatively, the client devicemay communicate with the ATM computing device to determine a relativelocation of the account holder to the ATM. If the account holder iswithin a predefined radius of an ATM, the payment card action requestmay be more likely to be initiated by the authentic cardholder than afraudulent requestor. Conversely, if the client device is not present atthe ATM, the request may be fraudulent. In certain embodiments, theauthentication result is based in part of the comparison of the locationdata.

The collected authentication information is compared to storedauthentication information associated with the registration profile ofthe requestor. If the collected authentication information issubstantially similar (e.g., there is a match) to the storedauthentication information, the authentication computing device maydetermine that the requestor is authenticated. Otherwise, if thecollected authentication information is not substantially similar (e.g.,no match) to the stored authentication information, the authenticationcomputing device may determine that the requestor is not authenticated(“declined”). The authentication computing device may generate anauthentication value for each set of authentication information andcompare the authentication values to authenticate the requestor. Forexample, if a difference between the authentication values is within apredetermined threshold, the authentication computing device maydetermine that the requestor is authenticated.

In the example embodiment, the ATM computing device receives a result(also referred to as an “authentication result”) of the authenticationprocess from the authentication computing device. In another embodiment,the requestor's client device transmits the authentication request andreceives the result from the authentication computing device. The clientdevice, upon receiving the authentication result, transmits theauthentication result to the ATM computing device while the requestor islocated near the ATM computing device via near-field communication(NFC), Bluetooth, or another form of communication. The authenticationresult indicates whether or not the requestor was authenticated ordeclined during the authentication process. In some embodiments, theresult may include a confidence score that indicates the confidence ofthe authentication computing device that the authentic cardholder isrequesting to perform the payment card action at the ATM. If therequestor is authenticated, the ATM computing device may proceed withprocessing the request to perform the payment card action. In someembodiments, the authentication computing device or the client devicemay transmit a token or other unique identifier to the ATM computingdevice to indicate that the requestor has been authenticated.

For example, if a prepaid card was requested, the ATM computing devicemay be configured to create a prepaid account associated with therequestor and the prepaid card. The ATM computing device is configuredto receive cash, check, a payment card, payment information from adigital wallet, and/or another method of payment to add money to theprepaid account. The ATM computing device writes account information ofthe prepaid account to a physical card stored in the ATM and dispensesthe card to the requestor such that the card may be used to conductfinancial transactions with merchants using the money associated withthe prepaid account.

In another example, if a new, updated, or replacement payment card wasrequested, the ATM computing device may be configured to update theexisting user account of the requestor with the payment cardinformation. More specifically, the ATM computing device may update orremove payment card information from the user account that is associatedan expired, lost, or stolen payment card. Similar to the prepaid card,the ATM computing device writes account information to a physical cardstored in the ATM and dispenses the card to the requestor.

Once the card has been dispensed, the ATM computing device mayautomatically log the requestor out after a predetermined period oftime. In some embodiments, the ATM computing device may transmit anotification to the client device to provide information about theprepaid card and the authentication result. The notification may be anemail, a text message, a phone call, a multimedia message, an appnotification, and/or a different type of notification. In otherembodiments, the ATM computing device is configured to display thenotification.

The systems and methods described herein are configured to facilitate(a) secure payment card actions at ATMs; (b) performing payment cardactions without requiring a cardholder to contact or visit an issuer;(c) reduce the amount of time to process payment card actions; and (d)reduced number of payment card actions manually processed by a financialinstitution.

The technical effects of the systems and methods described herein can beachieved by performing at least one of the following steps: (i) storing,within a memory, an authentication profile associated with an accountholder, the authentication profile including an account identifierassociated with a payment account of the account holder andauthentication information associated with the account holder; (ii)receiving an authentication request associated with the payment accountof the account holder, the authentication request associated with apayment card action request from a requestor for a payment card actionto be performed through an ATM; (iii) retrieving the storedauthentication profile for the payment account; (iv) transmitting theauthentication challenge to at least one of a client device and the ATM;(v) generating an authentication challenge based on the storedregistration profile; (vi) receiving an authentication response from therequestor; and (vii) determining an authentication result based, atleast in part, on the authentication response, the authentication resultindicates if the requestor is the authentic account holder of thepayment account.

The following detailed description of the embodiments of the disclosurerefers to the accompanying drawings. The same reference numbers indifferent drawings may identify the same or similar elements. Also, thefollowing detailed description does not limit the claims.

Described herein are computer systems such as the authenticationcomputing device, client devices, and ATM computing devices. Asdescribed herein, all such computer systems include a processor and amemory. However, any processor in a computer device referred to hereinmay also refer to one or more processors wherein the processor may be inone computing device or a plurality of computing devices acting inparallel. Additionally, any memory in a computer device referred toherein may also refer to one or more memories wherein the memories maybe in one computing device or a plurality of computing devices acting inparallel.

As used herein, a processor may include any programmable systemincluding systems using micro-controllers, reduced instruction setcircuits (RISC), application specific integrated circuits (ASICs), logiccircuits, and any other circuit or processor capable of executing thefunctions described herein. The above examples are example only, and arethus not intended to limit in any way the definition and/or meaning ofthe term “processor.”

As used herein, the term “database” may refer to either a body of data,a relational database management system (RDBMS), or to both. As usedherein, a database may include any collection of data includinghierarchical databases, relational databases, flat file databases,object-relational databases, object oriented databases, and any otherstructured collection of records or data that is stored in a computersystem. The above examples are example only, and thus are not intendedto limit in any way the definition and/or meaning of the term database.Examples of RDBMS's include, but are not limited to including, Oracle®Database, MySQL, IBM® DB2, Microsoft® SQL Server, Sybase®, andPostgreSQL. However, any database may be used that enables the systemsand methods described herein. (Oracle is a registered trademark ofOracle Corporation, Redwood Shores, Calif.; IBM is a registeredtrademark of International Business Machines Corporation, Armonk, N.Y.;Microsoft is a registered trademark of Microsoft Corporation, Redmond,Wash.; and Sybase is a registered trademark of Sybase, Dublin, Calif.)

In one embodiment, a computer program is provided, and the program isembodied on a computer readable medium. In an example embodiment, thesystem is executed on a single computer system, without requiring aconnection to a sever computer. In a further embodiment, the system isbeing run in a Windows® environment (Windows is a registered trademarkof Microsoft Corporation, Redmond, Wash.). In yet another embodiment,the system is run on a mainframe environment and a UNIX® serverenvironment (UNIX is a registered trademark of X/Open Company Limitedlocated in Reading, Berkshire, United Kingdom). The application isflexible and designed to run in various different environments withoutcompromising any major functionality. In some embodiments, the systemincludes multiple components distributed among a plurality of computingdevices. One or more components may be in the form ofcomputer-executable instructions embodied in a computer-readable medium.

As used herein, an element or step recited in the singular and proceededwith the word “a” or “an” should be understood as not excluding pluralelements or steps, unless such exclusion is explicitly recited.Furthermore, references to “example embodiment” or “one embodiment” ofthe present disclosure are not intended to be interpreted as excludingthe existence of additional embodiments that also incorporate therecited features.

As used herein, the terms “software” and “firmware” are interchangeable,and include any computer program stored in memory for execution by aprocessor, including RAM memory, ROM memory, EPROM memory, EEPROMmemory, and non-volatile RAM (NVRAM) memory. The above memory types areexample only, and are thus not limiting as to the types of memory usablefor storage of a computer program.

As used herein, the terms “transaction card,” “financial transactioncard,” and “payment card” refer to any suitable transaction card, suchas a credit card, a debit card, a prepaid card, a charge card, amembership card, a promotional card, a frequent flyer card, anidentification card, a prepaid card, a gift card, and/or any otherdevice that may hold payment account information, such as mobile phones,Smartphones, personal digital assistants (PDAs), key fobs, and/orcomputers. Each type of transactions card can be used as a method ofpayment for performing a transaction. In addition, consumer card accountbehavior can include but is not limited to purchases, managementactivities (e.g., balance checking), bill payments, achievement oftargets (meeting account balance goals, paying bills on time), and/orproduct registrations (e.g., mobile application downloads).

The systems and processes are not limited to the specific embodimentsdescribed herein. In addition, components of each system and eachprocess can be practiced independent and separate from other componentsand processes described herein. Each component and process also can beused in combination with other assembly packages and processes.

The following detailed description illustrates embodiments of thedisclosure by way of example and not by way of limitation. It iscontemplated that the disclosure has general application to thedetermination and analysis of characteristics of devices used in paymenttransactions.

FIG. 1 is a schematic diagram illustrating an example authenticationplatform 10 that includes a funds transfer network 12 for performingfinancial transactions and other financial account actions betweenpayment accounts. In the example embodiment, authentication platform 10is configured to authenticate a user or requestor before performing apayment card action (e.g., generating a new payment card, activating apayment card, etc.). Network 12 may be, for example, an electronic fundstransfer (EFT) network. In the example embodiment, network 12 iscommunicatively coupled to a plurality of bank computing devices 14, aplurality of ATMs 16, and transfer devices 18. In other embodiments,network 12 may be communicatively coupled to additional, fewer, oralternative computing devices, including those described elsewhereherein.

Network 12 is configured to receive and transmit electronic messagesassociated with payment accounts between the computing devices. Thepayment accounts are generated and stored by bank computing devices 14.Bank computing devices 14 are associated with one or more financialinstitutions that provide payment accounts to customers, such as banksand credit unions. The payment accounts may be used to perform financialtransactions with merchants through network 12 or a different network.At least some payment accounts are associated with a payment card thatenables the financial transactions to be performed. Bank computingdevices 14 enable account holders to perform various payment cardactions using network 12. In particular, these payment card actions areactions perform for the account holder's payment account or between thepayment account and a second payment account. The payment accounts maybe associated with different account holders or the same account holder.For example, an account holder may transfer funds between paymentaccounts, open a new payment account (e.g., a prepaid account), renewpayment cards, and/or unblock or activate a payment account.

In the example embodiment, bank computing devices 14 include a webinterface to enable the account holders to access information associatedwith their payment accounts and perform at least some payment cardactions. Some payment card actions, such as opening or activating apayment account, may not be available through the web interface toprevent fraudulent activity. Bank computing devices 14 may also beoperated by administrative users (e.g., employees of the financialinstitutions) to perform payment card actions on-behalf of the accountholders when the account holders visit or contact the associatedfinancial institution. The payment card actions may not be limited whenperformed by the administrative users because the administrative userscan physically authenticate the identity of the account holder beforeperforming the payment card action.

In the example embodiment, ATMs 16 are communicatively coupled to bankcomputing devices 14 through network 12 to enable account holders toperform payment card actions. ATMs 16 include components such as a cardreader, keypad, camera, and fingerprint scanner for verifying anidentity of the account holder. ATMs 16 request authorization from bankcomputing devices 14 to conduct the payment card actions. ATMs 16 areconfigured to store and dispense money and payment cards for certainpayment card actions. To operate ATM 16, an account holder provides auser identifier that identifies the account holder or the paymentaccount to ATM 16. ATM 16 is configured to retrieve informationassociated with the payment account and prompt the account holder toselect an available payment card action. After ATM 16 receives aselection and verifies the identity of the account holder, ATM 16transmits a message to bank computing device 14 to request authorizationof the action.

In one example, to withdraw money from a payment account of an accountholder, the account holder presents a payment card associated with theaccount to a card reader of ATM 16 to identify the account holder andthe payment account. After a withdrawal amount is specified, ATM 16transmits a message to bank computing device 14 that stores the accountindicating the amount and dispenses money to match the withdrawal amountin response to receiving approval from bank computing device 14.

In the example embodiment, transfer devices 18 are configured to performpayment card actions through network 12. Transfer devices 18 may not beassociated with a financial institution that provides payment accountsto customers. For example, transfer device 18 may be associated with awire transfer institution that enables customers to transfer physicalfunds (e.g., check, money, etc.) to a payment account within network 12without transferring said funds from another account. Transfer device 18may also be configured to perform payment card actions between network12 and a different network, such as a network provided in a differentcountry.

As described below, platform 10 includes authentication system 100. ATMs16 are in communication with authentication system 100 that provides anauthentication service to payment account holders. Account holders aregiven an option to register to the authentication service to enablesecure payment card actions at ATMs 16. In some embodiments, the accountholders may be automatically enrolled in the authentication service.Authentication system 100 is configured to receive authenticationinformation (e.g., biometric information) associated with the accountholder during registration and transmit an authentication challenge tothe account holder in response to a request to perform a payment cardaction using the account holder's payment account. Authentication system100 receives a challenge response from the account holder and determinesan authentication result. That is, authentication system 100 isconfigured to authenticate or decline the request. Authentication system100 transmits the authentication result to ATM 16 and/or bank computingdevice 14 to process the request.

FIG. 2 is a block diagram of a portion of authentication platform 10shown in FIG. 1. More specifically, FIG. 2 is a block diagram ofauthentication system 100 in communication with an ATM computing device102 of ATM 16 and a client device 104 to authenticate users for paymentaccounts actions at ATM 16. In the example embodiment, system 100includes an authentication computing device 106 and a database 108. Inother embodiments, system 100 may include additional, fewer, oralternative components, including those described elsewhere herein.

In the example embodiment, ATM computing device 102 is a computingdevice integrated with ATM 16. In other embodiments, ATM computingdevice 102 may be communicatively coupled to ATM 16. ATM computingdevice 102 is configured to communicate with client device 104 and/orauthentication computing device 106 to facilitate authenticating arequestor for a payment card action. As used herein, a requestor may bean account holder or a user with permission to perform payment cardactions using the payment account. In some cases, the requestor may alsobe a fraudulent party that is attempting to perform a fraudulent paymentcard action using the account holder's payment account. In the exampleembodiment, ATM computing device 102 is also communicatively coupled tonetwork 12 to communicate with bank computing devices 14 (both shown inFIG. 1). In at least some embodiments, ATM computing device 102 is incommunication with an authentication component 110 of ATM 16 forcollecting authentication information from a requestor. Theauthentication component 110 may include, for example, a fingerprintscanner, a camera, a microphone, a touchscreen, or another componentconfigured to collection authentication information.

Client device 104 is a computing device associated with the accountholder. For example, client device 104 may be a smartphone, tablet,smartwatch, wearable electronic, laptop, desktop, vehicle computingdevice, or another type of computing device associated with the accountholder. Client device 104 includes an input component 112 such as afingerprint scanner, a camera, a microphone, a touchscreen, or anothercomponent configured to collection authentication information. Clientdevice 104 is communicatively coupled to ATM computing device 102 and/orauthentication computing device 106 to perform payment card actions andprovide authentication information from the account holder.

Authentication computing device 106 is configured to provide anauthentication service for the account holder to facilitate securepayment card actions at ATM 16. During registration of the accountholder's payment account or at a later time, the account holder may beprompted to enroll in the authentication service. If the account holderaccepts, an enrollment process begins. During the enrollment process,authentication computing device 106 receives a user identifierassociated with the account holder and/or the payment account. The useridentifier may include, but is not limited to, a name, an primaryaccount number (PAN), a username, a password, and/or another uniqueidentifier. The user identifier is used to identify which account holderand payment account is associated with an authorization request asdescribed herein. The account holder provides a device identifier toauthentication computing device 106 to link client device 104 to theenrolled payment account. In addition, authentication computing device106 is configured to prompt the account holder to provide authenticationinformation. In the example embodiment, the authentication informationis biometric information, such as a fingerprint, image, or voiceprint.Input component 112 of client device 104 may be used to collect thebiometric information. In other embodiments, the authenticationinformation may be a different type of information, such as deviceinformation. Once the user identifier, the device identifier, and theauthentication information have been received, authentication computingdevice 106 is configured to generate an authentication profileassociated with the account holder and store the authentication profilein a memory associated with authentication computing device 106. Forexample, database 108 may be configured to store the authenticationprofile.

In some embodiments, at least some information may be automaticallyretrieved by authentication computing device 106 during the enrollmentprocess. For example, at least a portion of the user identifier may beretrieved from the payment account. In another example, authenticationcomputing device 106 is in communication with an external userinformation database (e.g., a national ID database) that includesauthentication information of the account holder. In such an example,the authentication information may not be stored with the authenticationprofile, but rather is retrieved from the user information databaseduring an authentication process as described herein.

In the example embodiment, authentication computing device 106 isconfigured to notify ATM computing device 106 that the payment accounthas been enrolled in the authentication service. ATM computing device106 stores the notification such that ATM computing 106 is configured toidentify payment accounts enrolled in the authentication service.Additionally or alternatively, authentication computing device 102 maynotify a different computing device, such as bank computing device 14(shown in FIG. 1), that the payment account has been enrolled.

In some cases, the account holder may already be enrolled in theauthentication service. Authentication computing device 106 isconfigured to detect whether an authentication profile already existsfor the account holder during the enrollment process. If theauthentication profile already exists, authentication computing device106 is configured to link the authentication profile to the accountholder's payment account. In certain embodiments, the account holder mayregister for the authentication service without linking to a paymentaccount. Authentication computing device 106 may be configured to pushan application to client device 104 after the account holder hasenrolled.

In the example embodiment, a requestor transmits a payment card actionrequest to ATM computing device 102 to request a payment card action beperformed through ATM 16. In one embodiment, the payment card actionrequest is transmitted from client device 104. In another embodiment,the payment card action request is inputted by the requestor at ATM 16.The payment card action request includes one or more user identifiersthat identify the requestor and/or an account identifier for theassociated payment account. ATM computing device 102 is configured todetermine if the requestor and/or the payment account is enrolled in theauthentication service. In some embodiments, if the requestor and thepayment account are not enrolled, ATM computing device 102 mayautomatically decline the request. If the requestor and the paymentaccount are enrolled, ATM computing device 102 is configured to generateand transmit an authentication request to authentication computingdevice 106. The authentication request includes the user and/or accountidentifiers from the payment card action request. Alternatively, theauthentication request may include an identifier that uniquelyidentifies the authentication profile of the payment account. In certainembodiments, rather than sending the payment card action request to ATMcomputing device 102, client device 104 may be configured to transmitthe authentication request directly to authentication computing device106.

In the example embodiment, authentication computing device 106 isconfigured to receive the authentication request and identify anauthentication profile associated with the authentication request.Authentication computing device 106 retrieves the authentication profileto begin the authentication process. In some embodiments, if the storedauthentication information from the enrollment process is not storedwith the authentication profile, authentication computing device 106 mayretrieve the authentication information. Authentication computing device106 is configured to generate an authentication challenge and transmitsaid challenge to ATM computing device 102 and/or client device 104. Theauthentication challenge is configured to prompt the requestor toprovide similar authentication information as the stored authenticationinformation form the enrollment process. For example, if a thumbprintwas provided during the enrollment process, the authentication challengemay request a thumbprint from the same thumb. In certain embodiments,ATM computing device 102 may transmit the authentication challenge toclient device 104. If client device 104 receives the authenticationchallenge, the user of client device 104 (e.g., the payment accountholder) may have the option to report the payment card action request aspotentially fraudulent if the user is not the requestor.

ATM computing device 102 and/or client device 104 are configured toprompt the requestor to provide authentication information.Authentication component 110 and input component 112 are configured tocollect the authentication information from the requestor.Alternatively, if the authentication challenge is requesting deviceauthentication information, ATM computing device 102 or client device104 may automatically retrieve, calculate, or otherwise provide theauthentication information. ATM computing device 102 and/or clientdevice 104 are configured to generate a challenge response including thecollected authentication information and transmit the challenge responseto authentication computing device 106 for comparison.

In some embodiments, when client device 104 receives the authenticationchallenge, client device 104 may be configured to provide location data(e.g., coordinates, address, etc.) to authentication computing device106 and/or ATM computing device 102 to determine a location of theaccount holder relative to ATM 16. The location information may beprovided with the authentication response. For example, authenticationcomputing device 106 may request Global Positioning System (GPS)coordinates from client device 104. When authentication computing device106 receives the location data of client device 104, authenticationcomputing device 106 retrieves location data associated with ATM 16 usedby the requestor to initiate that payment card action request. Thelocation data may be retrieved, for example, from ATM computing device102 or from the memory of authentication computing device 102.Alternatively, authentication computing device 102 may receive thelocation data of ATM 16 before retrieving the location data of clientdevice 104. Authentication computing device 106 compares the location ofclient device 104 to the location of ATM 16 to determine whether or notthe account holder is present at ATM 16. In some embodiments, clientdevice 104 may communicate with ATM 16 to determine a relative distancebetween client device 104 and the ATMs. If the account holder is withina predetermined radius of ATM 16, the payment card action request may bemore likely to be initiated by the authentic cardholder than afraudulent requestor. In certain embodiments, the authentication resultis based in part of the location data of the account holder and ATM 16.

Authentication computing device 106 receives the challenge response andparses the collected authentication information from the response.Authentication computing device 106 is configured to compare thecollected authentication information to the stored authenticationinformation from the enrollment process. The comparison may be performedusing any suitable technique for the type of authentication information(e.g., biometric, device, etc.). Authentication computing device 106 isconfigured to determine whether or not to authenticate the requestorbased on the comparison. More specifically, if the collectedauthentication information substantially matches the storedauthentication information, authentication computing device 106 mayauthenticate the requestor. In some embodiments, authenticationcomputing device 106 may calculate an authentication value from thecomparison that measures how much the collected and storedauthentication information match or differ. If the authentication valuepasses a predetermined threshold value, authentication computing device106 may authenticate the requestor.

Once the requestor's identity has been authenticated or denied,authentication computing device 106 transmits an authentication resultto ATM computing device 102 and/or client device 104. In someembodiments, authentication computing device 106 may transmit theauthentication result to a different computing device, such as bankcomputing device 14. The authentication result indicates whether or notthe request has been authenticated. The authentication result mayinclude the authentication value to enable ATM computing device 102 orbank computing device 14 to determine whether the payment card actionrequest should be authorized. In some embodiments, the authenticationresult may include an action identifier that indicates what payment cardaction was requested, when the request was submitted, and whether or notthe requestor was authenticated. The action identifier may be used, forexample, when requesting to perform the payment card action throughclient device 104 while remote from ATM computing device 102. Clientdevice 104 transmits the action identifier to ATM computing device 102to perform the payment card action.

In other embodiments, authentication computing device 106 may transmitthe stored authentication information with the authentication challengein response to the authentication request to ATM computing device 102and/or client device 104. In such embodiments, ATM computing device 102and/or client device 104 are configured to collect the authenticationinformation from the requestor and compare the collected authenticationinformation to the stored authentication information to authenticate therequestor. Authentication computing device 106 may receive theauthentication result

In the example embodiment, if the authentication result indicates therequestor is authenticated, ATM computing device 102 determines if therequestor and/or the payment account is eligible to perform therequested payment card action. For example, if the requestor isrequesting a prepaid card using funds transferred from an existingpayment account of the requestor, ATM computing device 102 determines ifthe existing payment account has sufficient funds. If the requestor andthe payment account is eligible, ATM computing device 102 and/or ATM 16are configured to perform the payment card action.

In one example, ATM computing device 102 transmits a message throughnetwork 12 to an associated bank computing device 14 to perform thepayment card action. In another example, ATM 16 includes a dispensingmechanism 116 that is configured to store a plurality of unregisteredpayment cards. These payment cards may include, for example, creditcards, debit cards, or prepaid cards. If the requestor is requesting anew payment card, dispensing mechanism 116 is configured to write or addpayment account information to one of the unregistered payment cards anddispense the payment card for the requestor. Dispensing mechanism 116may physically add payment account information to the payment card(e.g., adding the PAN, cardholder name, magnetic strip data, etc.) inaddition to linking the payment card to the payment account. In theexample embodiment, dispensing mechanism 116 is configured to generatepersonalized payment cards for the requestor by adding personalizationelements (e.g., logo, background, text format, etc.) to the cards. Forexample, if the requestor is attempting to renew an expired paymentcard, dispensing mechanism 116 may add the same logo, background, andother details of the expired card to the newly generated card. In someembodiments, the personalization elements associated with the requestorare stored in a database, such as database 108. ATM computing device 102is configured to notify the associated bank computing device 14 that anew payment card has been dispensed.

FIG. 3 depicts an exemplary configuration of a user or remote computingdevice 302. Computing device 302 may include ATM computing device 102and client device 104 (both shown in FIG. 2). Computing device 302 mayinclude a processor 305 for executing instructions. In some embodiments,executable instructions may be stored in a memory area 310. Processor305 may include one or more processing units (e.g., in a multi-coreconfiguration). Memory area 310 may be any device allowing informationsuch as executable instructions and/or other data to be stored andretrieved. Memory area 310 may include one or more computer-readablemedia.

Computing device 302 may also include at least one media outputcomponent 315 for presenting information to a user 330. Media outputcomponent 315 may be any component capable of conveying information touser 330. In some embodiments, media output component 315 may include anoutput adapter, such as a video adapter and/or an audio adapter. Anoutput adapter may be operatively coupled to processor 305 andoperatively coupleable to an output device such as a display device(e.g., a liquid crystal display (LCD), organic light emitting diode(OLED) display, cathode ray tube (CRT), or “electronic ink” display) oran audio output device (e.g., a speaker or headphones). In someembodiments, media output component 315 may be configured to present aninteractive user interface (e.g., a web browser or client application)to user 330.

In some embodiments, computing device 302 may include an input device320 for receiving input from user 330. Input device 320 may include, forexample, a keyboard, a pointing device, a mouse, a stylus, a touchsensitive panel (e.g., a touch pad or a touch screen), a camera, agyroscope, an accelerometer, a position detector, and/or an audio inputdevice. A single component such as a touch screen may function as bothan output device of media output component 315 and input device 320.

Computing device 302 may also include a communication interface 325,which may be communicatively coupleable to a remote device such asauthentication computing device 106 (shown in FIG. 2). Communicationinterface 325 may include, for example, a wired or wireless networkadapter or a wireless data transceiver for use with a mobile phonenetwork (e.g., Global System for Mobile communications (GSM), 3G, 4G orBluetooth) or other mobile data network (e.g., WorldwideInteroperability for Microwave Access (WIMAX)).

Stored in memory area 310 are, for example, computer-readableinstructions for providing a user interface to user 330 via media outputcomponent 315 and, optionally, receiving and processing input from inputdevice 320. A user interface may include, among other possibilities, aweb browser and client application. Web browsers enable users 330 todisplay and interact with media and other information typically embeddedon a web page or a website from a web server associated with a merchant.A client application allows users 330 to interact with a serverapplication associated with, for example, a vendor or business.

FIG. 4 depicts an exemplary configuration of a host computing device402. Host computing device 402 may include, but is not limited to, bankcomputing devices 14, transfer device 18, ATM computing device 102,client device 104, and authentication computing device 106 (shown inFIGS. 1 and 2). Host computing device 402 may include a processor 404for executing instructions. Instructions may be stored in a memory area406, for example. Processor 404 may include one or more processing units(e.g., in a multi-core configuration).

Processor 404 may be operatively coupled to a communication interface408 such that host computing device 402 may be capable of communicatingwith a remote device such as computing device 302 shown in FIG. 3 oranother host computing device 402. For example, communication interface408 may receive requests from user computing device 302 via theInternet.

Processor 404 may also be operatively coupled to a storage device 410.Storage device 410 may be any computer-operated hardware suitable forstoring and/or retrieving data. In some embodiments, storage device 410may be integrated in host computing device 402. For example, hostcomputing device 402 may include one or more hard disk drives as storagedevice 410. In other embodiments, storage device 410 may be external tohost computing device 402 and may be accessed by a plurality of hostcomputing devices 402. For example, storage device 410 may includemultiple storage units such as hard disks or solid state disks in aredundant array of inexpensive disks (RAID) configuration. Storagedevice 410 may include a storage area network (SAN) and/or a networkattached storage (NAS) system.

In some embodiments, processor 404 may be operatively coupled to storagedevice 410 via a storage interface 412. Storage interface 412 may be anycomponent capable of providing processor 404 with access to storagedevice 410. Storage interface 412 may include, for example, an AdvancedTechnology Attachment (ATA) adapter, a Serial ATA (SATA) adapter, aSmall Computer System Interface (SCSI) adapter, a RAID controller, a SANadapter, a network adapter, and/or any component providing processor 404with access to storage device 410.

Memory areas 310 (shown in FIG. 3) and 406 may include, but are notlimited to, random access memory (RAM) such as dynamic RAM (DRAM) orstatic RAM (SRAM), read-only memory (ROM), erasable programmableread-only memory (EPROM), electrically erasable programmable read-onlymemory (EEPROM), and non-volatile RAM (NVRAM). The above memory typesare example only, and are thus not limiting as to the types of memoryusable for storage of a computer program.

FIG. 5 is a data flow diagram of authentication system 100 (shown inFIG. 2). More specifically, FIG. 5 depicts enrollment information 502,an authentication profile 504, a payment card action request 506, anauthentication request 508, an authentication challenge 510, anauthentication response 512, and an authentication result 514.

In the example embodiment, during an enrollment process for anauthentication service provided by authentication computing device 106,client device 104 transmits enrollment information 502 associated withan account holder to authentication computing device 106. In otherembodiments, another computing device (including those not shown) maytransmit enrollment information 502 to authentication computing device106. Enrollment information 502 includes an account identifier andauthentication information. In some embodiments, enrollment information502 may include a user identifier, a device identifier, and otherinformation provided during the enrollment process.

Based on enrollment information 502, authentication computing device 106is configured to generate authentication profile 504. In certainembodiments, authentication profile 504 may be linked to authenticationinformation stored in an external user information database (not shown).Authentication profile 504 is associated with the account holder and apayment account of the account holder. Authentication profile 504 may begenerated before enrolling the payment account in the authenticationservice. In such embodiments, authentication profile 504 may be linkedto the account holder and/or the payment account. In the exampleembodiment, authentication profile 504 is stored in database 108 forsubsequent retrieval.

In the example embodiment, a requestor submits payment card actionrequest 506 to ATM computing device 102 and/or client device 104 torequest to perform a payment card action at ATM 16. In some embodiments,ATM computing device 102 and client device 104 may transmit payment cardaction request 506 to each other.

Upon determining the account holder and payment account are enrolled inthe authentication service, ATM computing device and/or client device104 are configured to generate authentication request 508 and transmitauthentication request 508 to authentication computing device 106 tobegin an authentication process for the requestor. Authenticationrequest 508 includes a user or account identifier for identifying anauthentication profile 504 associated with request 508. Authenticationcomputing device 106 is configured to retrieve the associatedauthentication profile 504 to generate authentication challenge 510. Inparticular, authentication computing device 106 retrieves theauthentication information from the enrollment process to determine atype of authentication (e.g., biometric, device, etc.) to request fromthe requestor. In some embodiments, such as when authenticationchallenge 510 is transmitted to client device 104, authenticationcomputing device 106 retrieves a device identifier to communicate withthe device associated with the account holder.

Authentication challenge 510 is transmitted to ATM computing device 102and/or client device 104. Authentication challenge 510 is configured toprompt the requestor to provide similar authentication information asthe authentication information provided during the enrollment process.ATM computing device 102 and/or client device 104 may include componentsor systems for collecting the requestor's authentication information(e.g., authentication component 112 and input component 114,respectively, shown in FIG. 2). Once authentication information has beencollected by ATM computing device 102 and/or client device 104,authentication response 512 is generated and transmitted toauthentication computing device 106. Authentication response 512includes the collected authentication information from the requestor forcomparison and analysis. In some embodiments, authentication response512 further includes location data collected by client device 104 tofacilitate identifying a location of the account holder relative to aplurality of ATMs, such as ATM 16.

In the example embodiment, authentication computing device 106 comparesauthentication profile 504 to authentication response 512. Morespecifically, authentication computing device 106 is configured tocompare the stored authentication information from authenticationprofile 504 to the collected authentication information fromauthentication response 512. If the two sets of authenticationinformation match or are within a predetermined threshold value of eachother, the requestor may be the authentic account holder. If the twosets of authentication information do not match, the requestor may notbe the account holder and, in some cases, may be attempting to perform afraudulent payment card action through ATM 16.

Once the authentication information has been compared, authenticationcomputing device 106 generates authentication result 514. Authenticationresult 514 indicates whether or not the identity of the requestor hasbeen authenticated. In some embodiments, authentication result 514includes an authentication value that indicates a confidence score ofauthentication computing device 106 that the requestor is the authenticaccount holder. Authentication computing device 106 may transmitauthentication result 514 to ATM computing device 102, client device104, and/or a different computing device, such as bank computing device14 (shown in FIG. 1).

FIG. 6 is a diagram of an example method 600 for authenticating arequest for a payment card action at an ATM using system 100 (shown inFIG. 2). In the example embodiment, method 600 is implemented by anauthentication computing device. In some embodiments, method 600 may beat least partially performed by a different computing device, such as anATM computing device. In other embodiments, method 600 may includeadditional, fewer, or alternative steps for authenticating a request,including those described elsewhere herein.

Method 600 begins with the authentication computing device storing 602an authentication profile in a memory associated with the authenticationcomputing device. The authentication profile includes account identifierand authentication information associated with a payment account and anaccount holder of the account. In at least some embodiments, theauthentication computing device receiving the account identifier and theauthentication information associated with the account holder. Theauthentication computing device generates the authentication profileassociated with the account holder and the payment account based on thereceived account identifier and authentication information.

The authentication computing device receives 604 an authenticationrequest associated with the payment account of the account holder. Theauthentication request is associated with a payment card action requestfrom a requestor. The payment account request is submitted by therequestor to an ATM computing device or a client device to request apayment card action be performed through an ATM. The authenticationcomputing device retrieves 606 the stored authentication profile for thepayment account and generates 608 an authentication challenge based onthe stored authentication profile. The authentication computing devicetransmits 610 the authentication challenge to the ATM and/or the clientdevice. The authentication computing device receives 612 anauthentication response from the requestor and determines 614 anauthentication result based, at least in part, on the authenticationresponse. The authentication result indicates if the requestor is theauthenticated account holder of the payment account.

FIG. 7 is a diagram 700 of components of one or more example computingdevices that may be used in the environment shown in FIG. 6. FIG. 7further shows a configuration of databases including at least database108 (shown in FIG. 2). Database 108 is coupled to several separatecomponents within authentication computing device 106, which performspecific tasks.

Authentication computing device 106 includes a storing component 702configured to store an authentication profile in a memory associatedwith authentication computing device 106 (e.g., database 108).Authentication computing device 106 includes a receiving component 704configured to receive an authentication request and an authenticationresponse. Authentication computing device 106 includes a retrievingcomponent 706 configured to retrieve a stored authentication profile fora payment account. Authentication computing device 106 further includesa generating component 708 configured to generate an authenticationchallenge. Authentication computing device 106 additionally includes atransmitting component 710 configured to transmit an authenticationchallenge to a client device and/or an ATM computing device.Authentication computing device 106 further includes a determiningcomponent 712 configured to determine an authentication result based, atleast in part, on an authentication response.

In an exemplary embodiment, database 108 is divided into a plurality ofsections, including but not limited to, an authentication profilesection 714, a payment account section 716, and an authentication resultsection 718. These sections within database 108 are interconnected toupdate and retrieve the information as required. Authentication profilesection 714 may include, for example, authentication profiles of one ormore account holders. Authentication profile section 714 may alsoinclude authentication information separate from the authenticationprofiles. Payment account section 716 may include account identifiersand/or user identifiers for identifying payment accounts and accountholders that are enrolled in the authentication service. Authenticationresult section 718 may include authentication values and otherinformation associated with each authentication request received byauthentication computing device 106.

As used herein, the term “non-transitory computer-readable media” isintended to be representative of any tangible computer-based deviceimplemented in any method or technology for short-term and long-termstorage of information, such as, computer-readable instructions, datastructures, program modules and sub-modules, or other data in anydevice. Therefore, the methods described herein may be encoded asexecutable instructions embodied in a tangible, non-transitory, computerreadable medium, including, without limitation, a storage device and/ora memory device. Such instructions, when executed by a processor, causethe processor to perform at least a portion of the methods describedherein. Moreover, as used herein, the term “non-transitorycomputer-readable media” includes all tangible, computer-readable media,including, without limitation, non-transitory computer storage devices,including, without limitation, volatile and nonvolatile media, andremovable and non-removable media such as a firmware, physical andvirtual storage, CD-ROMs, DVDs, and any other digital source such as anetwork or the Internet, as well as yet to be developed digital means,with the sole exception being a transitory, propagating signal.

This written description uses examples to disclose the invention,including the best mode, and also to enable any person skilled in theart to practice the invention, including making and using any devices orsystems and performing any incorporated methods. The patentable scope ofthe invention is defined by the claims, and may include other examplesthat occur to those skilled in the art. Such other examples are intendedto be within the scope of the claims if they have structural elementsthat do not differ from the literal language of the claims, or if theyinclude equivalent structural elements with insubstantial differencesfrom the literal languages of the claims.

What is claimed is:
 1. An authentication computing device incommunication with (i) a client device associated with an account holderand (ii) an automated teller machine (ATM) configured to dispensepayment cards, the authentication computing device including at leastone processor in communication with a memory, said processor configuredto: generate an authentication profile associated with the accountholder, the authentication profile including an account identifierassociated with a payment account of the account holder and biometricauthentication information associated with the account holder; store,within the memory, the generated authentication profile; receive, fromthe ATM, an authentication request associated with the payment accountof the account holder in response to a payment card action request froma requestor for a payment card to be generated by the ATM; retrieve thestored authentication profile for the payment account; generate abiometric authentication challenge based on the stored authenticationprofile; transmit the biometric authentication challenge to the clientdevice; receive, from the client device, a biometric authenticationresponse generated in response to the biometric authenticationchallenge; determine whether the biometric authentication responsereceived from the client device matches the biometric authenticationinformation associated with the account holder; generate, based on thedetermination, an authentication result, the authentication resultindicating whether the requestor is the authenticated account holder ofthe payment account; and transmit, to the ATM, the authenticationresult, the authentication result instructing the ATM whether to proceedwith the payment card action request and generate the payment card. 2.The authentication computing device in accordance with claim 1, whereinsaid processor is further configured to transmit the authenticationresult to the client device.
 3. The authentication computing device inaccordance with claim 1 wherein said processor is further configured togenerate the authentication profile by: receiving the biometricauthentication information from a user information database based uponthe account identifier, the account identifier including userinformation associated with the account holder; and linking thebiometric authentication information to the stored authenticationprofile.
 4. The authentication computing device in accordance with claim3, wherein said processor is further configured to: retrieve the linkedbiometric authentication information from the generated authenticationprofile in response to the authentication request; and generate thebiometric authentication challenge based, at least in part, on thelinked biometric authentication information.
 5. The authenticationcomputing device in accordance with claim 1, wherein said processor isfurther configured to determine whether the biometric authenticationresponse received from the client device matches the biometricauthentication information associated with the account holder by:comparing the stored biometric authentication information of theauthentication profile to the collected biometric authenticationinformation of the biometric authentication response; and determiningthe stored biometric authentication information and the collectedbiometric authentication information match based on the comparison. 6.The authentication computing device in accordance with claim 1, whereinthe payment card action request further includes a request from therequestor for at least one of unblocking the payment account and addingfunds to a payment card.
 7. The authentication computing device inaccordance with claim 1, wherein the processor is further configured to:receive location data associated with the client device in response totransmitting the biometric authentication challenge to the clientdevice; retrieve location data associated with the ATM; compare thelocation data associated with the client device to the location dataassociated with the ATM; and generate the authentication result based inpart on the comparison, the comparison indicates if the client device iswithin a predetermined radius of the ATM.
 8. A method for authenticatinga requestor for a payment card action request using an authenticationsystem computing device in communication with (i) a client deviceassociated with an account holder and (ii) an automated teller machine(ATM) configured to dispense payment cards, the authentication computingdevice including at least one processor in communication with a memory,said method comprising: generating an authentication profile associatedwith the account holder, the authentication profile including an accountidentifier associated with a payment account of the account holder andbiometric authentication information associated with the account holder;storing, within the memory, the generated authentication profile;receiving, from the ATM, by the authentication computing device, anauthentication request associated with the payment account of theaccount holder in response to the payment card action request from therequestor for a payment card to be generated by the ATM; retrieving thestored authentication profile for the payment account; generating, bythe authentication computing device, a biometric authenticationchallenge based on the stored authentication profile; transmitting thebiometric authentication challenge to the client device; receiving, fromthe client device, a biometric authentication response generated inresponse to the biometric authentication challenge; determine, by theauthentication computing device, whether the biometric authenticationresponse received from the client device matches the biometricauthentication information associated with the account holder;generating, based on the determination, by the authentication computingdevice, an authentication result, the authentication result indicatingwhether the requestor is the authenticated account holder of the paymentaccount; and transmitting, to the ATM, by the authentication computingdevice, the authentication result, the authentication result instructingthe ATM whether to proceed with the payment card action request andgenerate the payment card.
 9. The method in accordance with claim 8further comprising transmitting the authentication result to the clientdevice.
 10. The method in accordance with claim 8, wherein generatingthe authentication profile further comprises: receiving the biometricauthentication information from a user information database based uponthe account identifier, the account identifier including userinformation associated with the account holder; and linking thebiometric authentication information to the stored authenticationprofile.
 11. The method in accordance with claim 10, wherein generatingthe authentication challenge further comprises: retrieving the linkedbiometric authentication information from the generated authenticationprofile in response to the authentication request; and generating thebiometric authentication challenge based, at least in part, on thelinked biometric authentication information.
 12. The method inaccordance with claim 8, wherein determining whether the biometricauthentication response received from the client device matches thebiometric authentication information associated with the account holderfurther comprises: comparing the stored biometric authenticationinformation of the authentication profile to the collected biometricauthentication information of the biometric authentication response; anddetermining, by the authentication computing device, the storedbiometric authentication information and the collected biometricauthentication information match based on the comparison.
 13. The methodin accordance with claim 8, wherein the payment card action requestfurther includes a request from the requestor for at least one ofunblocking the payment account and adding funds to a payment card. 14.The method in accordance with claim 8, wherein generating theauthentication result further comprises: receiving location dataassociated with the client device in response to transmitting thebiometric authentication challenge to the client device; retrievinglocation data associated with the ATM; comparing, by the authenticationcomputing device, the location data associated with the client device tothe location data associated with the ATM; and generating theauthentication result based in part on the comparison, the comparisonindicating if the client device is within a predetermined radius of theATM.
 15. A non-transitory computer-readable storage media forauthenticating a requestor for a payment action request through anautomated teller machine (ATM) configured to dispense payment cardsusing an authentication computing device, wherein the authenticationcomputing device is in communication with (i) a client device associatedwith an account holder and (ii) the ATM, the authentication computingdevice including at least one processor in communication with a memory,the computer-readable storage media having computer-executableinstructions embodied thereon, wherein, when executed by at least oneprocessor, the computer-executable instructions cause the processor to:generate an authentication profile associated with the account holder,the authentication profile including an account identifier associatedwith a payment account of the account holder and biometricauthentication information associated with the account holder; store,within the memory, the generated authentication profile; receive, fromthe ATM, an authentication request associated with the payment accountof the account holder in response to a payment card action request froma requestor for a payment card to be generated by the ATM; retrieve thestored authentication profile for the payment account; generate abiometric authentication challenge based on the stored authenticationprofile; transmit the biometric authentication challenge to the clientdevice; receive, from the client device, a biometric authenticationresponse generated in response to the biometric authenticationchallenge; determine whether the biometric authentication responsereceived from the client device matches the biometric authenticationinformation associated with the account holder; generate, based on thedetermination, an authentication result, the authentication resultindicating whether the requestor is the authenticated account holder ofthe payment account; and transmit, to the ATM, the authenticationresult, the authentication result instructing the ATM whether to proceedwith the payment card action request and generate the payment card. 16.The non-transitory computer-readable storage media in accordance withclaim 15, wherein the computer-executable instructions further causesthe processor to transmit the authentication result to the clientdevice.
 17. The non-transitory computer-readable storage media inaccordance with claim 15, wherein the computer-executable instructionsfurther causes the processor to generate the authentication profile by:receiving the biometric authentication information from a userinformation database based upon the account identifier, the accountidentifier including user information associated with the accountholder; and linking the biometric authentication information to thestored authentication profile.
 18. The non-transitory computer-readablestorage media in accordance with claim 17, wherein thecomputer-executable instructions further causes the processor to:retrieve the linked biometric authentication information from thegenerated authentication profile in response to the authenticationrequest; and generate the biometric authentication challenge based, atleast in part, on the linked biometric authentication information. 19.The non-transitory computer-readable storage media in accordance withclaim 15, wherein the computer-executable instructions further causesthe processor to determine whether the biometric authentication responsereceived from the client device matches the biometric authenticationinformation associated with the account holder by: comparing the storedbiometric authentication information of the authentication profile tothe collected biometric authentication information of the biometricauthentication response; and determining the stored biometricauthentication information and the collected biometric authenticationinformation match based on the comparison.
 20. The non-transitorycomputer-readable storage media in accordance with claim 15, wherein thepayment card action request further includes a request from therequestor for at least one of unblocking the payment account and addingfunds to a payment card.
 21. The non-transitory computer-readablestorage media in accordance with claim 15, wherein thecomputer-executable instructions further causes the processor to:receive location data associated with the client device in response totransmitting the biometric authentication challenge to the clientdevice; retrieve location data associated with the ATM; compare thelocation data associated with the client device to the location dataassociated with the ATM; and generate the authentication result based inpart on the comparison, the comparison indicates if the client device iswithin a predetermined radius of the ATM.